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From: 

Sent: 

To: 

Cc: 

Subject: 

Attachments: 


Kleiner, Kris <kris.kleiner@nortonrosefulbright.com> 
Tuesday, September 01, 2015 4:50 PM 
Breach, AG 
Kleiner, Kris 

Legal Notice of Information Security Incident 
48780488_3.pdf; Notice Template.pdf 


Dear Sir or Madam, 

Please find attached a Legal Notice of an Information Security Incident and a template of the form notice that will be 
provided to affected Connecticut Residents. 

Please feel free to contact me should you have any questions. 

Yours truly, 

Kris Kleiner 

Kris Kleiner | Associate 
Norton Rose Fulbright US LLP 

Tabor Center, 1200 17th Street, Suite 1000, Denver, Colorado 80202-5835, United States 

Tel +1 303 801 2758 | Fax +1 303 801 2777 

kris.kleiner@nortonrosefulbright.com 

NORTON ROSE FULBRIGHT 

Law around the world 
nortonrosefulbriqht.com 

Norton Rose Fulbright - top 3 global !&£§! brand -' Acritas’ Sharplegal 2014 Global Elite Brand Index 


CONFIDENTIALITY NOTICE: This email, including any attachments, is confidential and may be privileged. If you are not 
the intended recipient please notify the sender immediately, and please delete it; you should not copy it or use it for any 
purpose or disclose its contents to any other person. Norton Rose Fulbright entities reserve the right to monitor all email 
communications through their networks. 

Norton Rose Fulbright Australia, Norton Rose Fulbright LLP, Norton Rose Fulbright Canada LLP, Norton Rose Fulbright 
South Africa Inc and Norton Rose Fulbright US LLP are separate legal entities and all of them are members of Norton 
Rose Fulbright Verein, a Swiss verein. Norton Rose Fulbright Verein helps coordinate the activities of the members but 
does not itself provide legal services to clients. Details of each entity, with certain regulatory information, are available at 
nortonrosefulbright.com. 
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NORTON ROSE FULBRIGHT 


September 1, 2015 

Via E-Mail (ag.breach@ct.gov) 


State of Connecticut Attorney General 
55 Elm Street 
Hartford, CT 06106 


Norton Rose Fulbright US LLP 
Tabor Center 

1200 17th Street, Suite 1000 
Denver, Colorado 80202-5835 
United States 

Direct line +1 303 801 2758 
kris.kleiner@nortonrosefulbright.conn 

Tel +1 303 801 2700 
Fax +1 303 801 2777 
nortonrosefulbright.com 


Re: Legal Notice of Information Security Incident 

Dear Sirs or Madams: 

I write on behalf of my client, the Lando Law Firm, LLC (“the Firm”), to inform you of a potential 
security incident involving personal information provided to the Firm that may have affected 
approximately four Connecticut residents. The Firm is notifying these individuals and outlining 
some steps they may take to help protect themselves. 

On June 3, 2015, the Firm learned that an unauthorized individual had gained access to one of 
the Firm’s email accounts. The Firm believes that certain personal information, including Social 
Security Number, bank account number, and driver’s license number, may have been contained 
within emails sent to or from this account. 

The Firm takes the privacy of personal information seriously, and deeply regrets that this 
incident occurred. Upon learning of the incident, the Firm promptly took steps to address the 
situation, including changing the account credentials to prevent additional unauthorized access 
to the account and implemented additional security measures on all company email accounts, 
including two-factor authentication, and providing additional information and employee training 
about these threats to help prevent this type of incident from recurring in the future. 

Affected individuals are being notified via written letter, which includes an offer for one year of 
complimentary identity protection and fraud resolution services. These notifications will begin 
mailing on or around September 4, 2015. Form copies of the notices being sent to affected 
Connecticut residents are included here for your reference. 

If you have any questions or need further information regarding this incident, please contact me 
at (303) 801-2700 or kris.kleiner@nortonrosefulbriqht.com . 


Norton Rose Fulbright US LLP is a limited liability partnership registered under the laws of Texas. 


48780488.3 


Norton Rose Fulbright US LLP, Norton Rose Fulbright LLP, Norton Rose Fulbright Australia, Norton Rose Fulbright Canada LLP and Norton Rose 
Fulbright South Africa Inc are separate legal entities and all of them are members of Norton Rose Fulbright Verein, a Swiss verein. Norton Rose 
Fulbright Verein helps coordinate the activities of the members but does not itself provide legal services to clients. Details of each entity, with certain 
regulatory information, are available at nortonrosefulbright.com. 
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NORTON ROSE FULBRIGHT 



Enclosure 
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September 1, 2015 


[NAME] 

[ADDRESS] 

CITY, STATE ZIP] 

Dear [NAME]: 

Lando Law Firm, LLC (“the Firm 55 ) is writing to inform you of a security incident that may have 
involved your personal information that was provided to the Firm by either you or your lender. We 
value our relationship with you and, as a precaution, are providing notice and outlining some steps you 
may take to help protect yourself. We sincerely apologize for any frustration or concerns this may 
cause you. 

On or about June 3, 2015, the Firm became the victim of a targeted phishing attack. As a result, the 
attackers obtained access to a firm email account intermittently on June 3 through June 4, 2015. 
These email accounts are hosted by a recognized third-party service provider. Upon learning of this 
attack, the Firm promptly notified federal and state law enforcement and began an investigation. The 
Firm has also been working with independent forensic investigators to determine the scope of the 
attack. That investigation has revealed no evidence that the attackers penetrated the Firm’s internal 
network or systems. 

We are writing to inform you that, through our ongoing investigation, we have learned that some of 
your personal information, including Social Security Number, bank account number, and driver’s 
license number, may have been accessible during the attack. The investigation has revealed no 
evidence that the attackers accessed or misused your personal information, however, we cannot 
exclude this possibility based on the evidence available. 

We take the privacy of personal information seriously, and deeply regret that this incident occurred. 
Upon learning of the incident, we promptly took steps to address the situation, including changing the 
account credentials to help prevent additional unauthorized access to the account, and implementing 
additional security measures on all of our company email accounts, including two-factor 
authentication, and providing additional information and employee training about these threats to help 
prevent this type of incident from recurring in the future. 

Nevertheless, we want to inform you of steps you may take to guard against identity theft or fraud. 
Please review the enclosed “Information about Identity Theft Protection” guide that describes 
additional steps you may take to help protect yourself, including recommendations from the Federal 
Trade Commission regarding identity theft protection and details on placing a fraud alert or a security 
freeze on your credit file. 



In addition, to help protect your identity, we are offering one year of complimentary membership in 
Experian’s® ProtectMylD® Alert, which helps detect possible misuse of your personal information 
and provides you with superior identity protection support focused on immediate identification and 
resolution of identity theft. Please refer to the enclosed guide for further information about these 
services and instructions on completing the enrollment process. 

If you have further questions or concerns about this incident, please feel free to contact our office at 
(877) 903-5665 between 9:00 a.m and 5:00 p.m Eastern time, Monday through Friday, or via email at 
info@landolawfirm.com. 

We sincerely regret any inconvenience or concern caused by this incident. 


Very truly yours, 

LANDO LAW FIRM, LLC 


Shannon M. Lando 
Attorney at Law 



Information About Identity Theft Protection 


We have engaged Experian®, the largest credit bureau in the U.S., to offer you complimentary fraud resolution and identity protection services for 
one year. If you are a victim of fraud, simply call Experian at 877-288-8057 by December 9, 2015, and a dedicated Identity Theft Resolution agent 
will help you. Please provide the following engagement number as proof of eligibility: PC96375. We also encourage you activate Experian's® 
Protect My ID® Alert product, which helps detect possible misuse of your personal information and provides you with identity protection services 
focused on immediate identification and resolution of identity theft. To enroll, visit www.protectmyid.com/redeem by December 9, 2015 and 
use the following activation code: [ACTIVATION CODE]. You may also enroll over the phone by calling 877-288-8057 between the hours of 9:00 
AM and 5:00 PM (Pacific Time), Monday through Friday (excluding holidays). 

We recommend that you regularly review statements from your accounts and periodically obtain your credit report from one or more of the 
national credit reporting companies. You may obtain a free copy of your credit report online at www.annualcreditreport.com, by calling toll-free 
1-877-322-8228, or by mailing an Annual Credit Report Request Form (available at www.annualcreditreport.com) to: Annual Credit Report Request 
Service, P.O. Box 105281, Atlanta, GA, 30348-5281. You may also purchase a copy of your credit report by contacting one or more of the three 
national credit reporting agencies listed at the bottom of this page. 

You should remain vigilant with respect to reviewing your account statements and credit reports, and you should promptly report any suspicious 
activity or suspected identity theft to us and to the proper law enforcement authorities, including local law enforcement, your state's attorney 
general, and/or the Federal Trade Commission ("FTC"). You may contact the FTC or your state's regulatory authority to obtain additional 
information about avoiding and protection against identity theft: Federal Trade Commission, Consumer Response Center 600 Pennsylvania Avenue, 
NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft 

For residents of Maryland: You may also obtain information about preventing and avoiding identity theft from the Maryland Office of the Attorney 
General: Maryland Office of the Attorney General, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, 1-888-743-0023, 
www.oag.state.md.us 

For residents of North Carolina: You may also obtain information about preventing and avoiding identity theft from North Carolina Attorney 
General's Office: North Carolina Attorney General's Office, Consumer Protection Division, 9001 Mail Service Center, Raleigh, NC 27699-9001, 
1-877-5-NO-SCAM, www.ncdoj.gov 

Fraud Alerts: There are also two types of fraud alerts that you can place on your credit report to put your creditors on notice that you may be a 
victim of fraud: an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your credit report if you suspect you have 
been, or are about to be, a victim of identity theft. An initial fraud alert stays on your credit report for at least 90 days. You may have an extended 
alert placed on your credit report if you have already been a victim of identity theft with the appropriate documentary proof. An extended fraud 
alert stays on your credit report for seven years. You can place a fraud alert on your credit report by contacting any of the three national credit 
reporting agencies at the addresses or toll-free numbers listed at the bottom of this page. 

Credit Freezes: You may have the right to put a credit freeze, also known as a security freeze, on your credit file, so that no new credit can be 
opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. A credit freeze is designed to prevent 
potential credit grantors from accessing your credit report without your consent. If you place a credit freeze, potential creditors and other third 
parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your 
ability to obtain credit. In addition, you may incur fees to place, lift and/or remove a credit freeze. Credit freeze laws vary from state to state. The 
cost of placing, temporarily lifting, and removing a credit freeze also varies by state, generally $5 to $20 per action at each credit reporting 
company. Unlike a fraud alert, you must separately place a credit freeze on your credit file at each credit reporting company. Since the instructions 
for how to establish a credit freeze differ from state to state, please contact the three major credit reporting companies as specified below to find 
out more information. 

You can obtain more information about fraud alerts and credit freezes by contacting the FTC or one of the national credit reporting agencies listed 
below. 

National Credit Reporting Agencies 


Equifax (www.equifax.com) 
P.O. Box 105851 
Atlanta, GA 30348 
800-685-1111 


Experian (www.experian.com) 
P.O. Box 2002 
Allen, TX 75013 
888-397-3742 


TransUnion (www.transunion.com) 
P.O. Box 105281 
Atlanta, GA 30348 
877-322-8228 


Fraud Alerts: P.O. Box 105069, Atlanta, GA 30348 Fraud Alerts and Security Freezes: 
Credit Freezes: P.O. Box 105788, Atlanta, GA 30348 P.O. Box 9554, Allen, TX 75013 


Fraud Alerts and Security Freezes: 

P.O. Box 2000, Chester, PA 19022 
888-909-8872 



